CODENOMICON WHITEPAPER - Proactive Cyber Security: Stay Ahead of Advanced Persistent Threats (APTs)

Combining Internal and External Information

Comprehensive situation awareness is achieved by combining threat and vulnerability intelligence from internal and external sources. Most organizations employ SIEM systems and IPS/IDS solutions, which provide valuable insight into incidents within networks. However, even serious cyber threats can be dismissed as random attacks if the security personnel lack the global abuse situation awareness needed to examine events in coordination with other security incidents.

Similarly, external abuse information requires network-specific intelligence to be put into practice. Figure 10 depicts the iteration of abuse situation awareness from internal and external sources. The internal resources include vulnerability and threat information from internal threat monitoring and in-house fuzz tests. The external resources include general abuse feeds and industry-specific threat information. Utilizing external information sources used to be challenging, due to the lack of common information sharing standards. AbuseSA solves this problem by being format-independent. You can use AbuseSA to collect and present information in any format, making it easier to combine internal and external security intelligence. AbuseSA also makes it possible to share security information within industries on a completely new level.

Conclusion

Cyber attacks are getting more sophisticated, and traditional signature-based defenses are no longer enough to secure increasingly public networks. There has been a sharp rise in Advanced Persistent Threats: highly motivated and well-resourced groups carrying out high-impact attacks. These attacks frequently exploit zero-day vulnerabilities, making them hard to detect and difficult to defend against.

This paper presented two approaches to handling such threats. Firstly, fuzzing can be used to prevent zero-day attacks by getting rid of exploitable vulnerabilities proactively. Secondly, abuse situation awareness provides you with the information you need to respond to cyber attacks rapidly.

The best results can be achieved by incorporating fuzzing and situation awareness best practices into your organization's processes. Fuzzing should be a part of your software development and procurement processes. Similarly, abuse situation awareness should be a part of your network monitoring processes, automating the collection of abuse and incident information from internal and external sources. Due to the complexity and vastness of critical networks, the only effective form of cyber security is proactive cyber security.